| View previous topic :: View next topic |
| Author |
Message |
JohnSawyer
Newbie
Joined: 25 Feb 2003
Posts: 8
Location: San Diego, CA
|
 Posted: Fri Jan 09, 2004 10:11 pm Post subject: Sending Keys to MSGINA.DLL - Bypassing AutoAdmin Logon |
 |
|
AutoAdmin Logon is a huge security risk for Win2k servers. The password for the account and the account name are stored in the registry Clear Text.
I'm hoping I can find a way to accomplish the same thing, without the security hole.
I've tested using "window send" to send Ctrl-Alt-delete to an active window, but no luck.
Does anybody know how to send Ctrl-Alt-Delete key combinations?
Thanks! |
|
| Back to top |
|
 |
CodeScript
Moderator Team
Joined: 08 Jun 2003
Posts: 1060
Location: India
|
| Posted: Sat Jan 10, 2004 4:35 am Post subject: |
|
|
You can use keybd_event API as it accomplishes things at hardware level so is equivalent to a user pressing those keys.
_________________
Regards
- CodeScript
 Give your application a professional look with the VDSGUI Extension |
|
| Back to top |
|
|
CodeScript
Moderator Team
Joined: 08 Jun 2003
Posts: 1060
Location: India
|
| Posted: Sat Jan 10, 2004 9:38 am Post subject: |
|
|
| Code: | LOADLIB USER32
%A = @LIB(USER32,keybd_event,nil:,int:$A5,0,0,0)
%A = @LIB(USER32,keybd_event,nil:,int:$12,0,0,0)
%A = @LIB(USER32,keybd_event,nil:,int:$2E,0,0,0)
%A = @LIB(USER32,keybd_event,nil:,int:$A5,0,$2,0)
%A = @LIB(USER32,keybd_event,nil:,int:$12,0,$2,0)
%A = @LIB(USER32,keybd_event,nil:,int:$2E,0,$2,0)
FREELIB USER32 |
But the above code does not work no matter U use left or right sided key codes. Spying reveels that these keyboard events are produced but windows (XP here) ignores. This is probably intentional. You may try searching for gina replacements on the net.
_________________
Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension |
|
| Back to top |
|
|
JohnSawyer
Newbie
Joined: 25 Feb 2003
Posts: 8
Location: San Diego, CA
|
| Posted: Sat Jan 10, 2004 8:16 pm Post subject: |
|
|
I've been reading that the gina may intentionally ignore non-hardware requests for security reasons...
Looks like I struck out.
Thanks for the tip, though. I need to get up to speed on API's...
I need to write a process that uses "runas" in a secure manner... |
|
| Back to top |
|
|
FreezingFire
Admin Team
Joined: 23 Jun 2002
Posts: 3508
|
| Posted: Sat Jan 10, 2004 10:51 pm Post subject: |
|
|
| JohnSawer wrote: | | I need to write a process that uses "runas" in a secure manner... |
I believe CodeScript has written a DSU or example script that allows
you to "runas" or impersonate user permissions.
_________________
FreezingFire
VDSWORLD.com
Site Admin Team |
|
| Back to top |
|
|
JohnSawyer
Newbie
Joined: 25 Feb 2003
Posts: 8
Location: San Diego, CA
|
| Posted: Sun Jan 11, 2004 6:39 pm Post subject: |
|
|
There is an example, and he indicated that it worked properly for him in WinXP, but I'm trying to run it on Windows 2000 server and it isn't working. I'm not getting any errors in the eventlog, so I think there's something amiss with the API call. I'm still a newb at API's so I'm sure it's something "easy" for somebody with some experience. I'll keep tapping away at it for a while and see what I find.
I was thinking if I could use the RUNAS program and use window send to type the password, that would be sufficient.
The question is, if I use runh to launch the process, would window send work? |
|
| Back to top |
|
|
CodeScript
Moderator Team
Joined: 08 Jun 2003
Posts: 1060
Location: India
|
| Posted: Mon Jan 12, 2004 3:20 am Post subject: |
|
|
Hi JohnSawyer
I thought I replied to your post.
http://www.vdsworld.com/index.php?page=download&fileid=324
The example has been tested on XP only as U said but it ssems it works well on 2k/NT with service packs for local accounts. It won't work for network accounts for the simple reason that I don't have the reqiured environment to test it. However it comes with source and you/any one with network account can try modify that.
Even if U use runh for RUNAS you can still send keys to it.
_________________
Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension |
|
| Back to top |
|
|
JohnSawyer
Newbie
Joined: 25 Feb 2003
Posts: 8
Location: San Diego, CA
|
| Posted: Mon Jan 12, 2004 3:53 pm Post subject: |
|
|
You did reply to my post, and we bounced a couple e-mails back and forth... and I appreciate the help!
I was unable to make it work for network based accounts, however. I don't recall if I got it to work for local accounts... It's amazing how much brain power is lost once one has children.
I'm going to give it another try and see what I can figure out.
One question, while I have your attention:
I understand the basics behind APIs, and have found numerous references for VBScript. Is there a reference available that isn't vbscript specific? I'm having difficulty making the conversion to VDS. This problem is probably due to my high workload and lack of time to dedicate to this. . .
Thanks! |
|
| Back to top |
|
|
CodeScript
Moderator Team
Joined: 08 Jun 2003
Posts: 1060
Location: India
|
| Posted: Tue Jan 13, 2004 3:56 am Post subject: |
|
|
I have PMed you more details.
_________________
Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
@vdsworld